Beyond Internet security to risk management

Category Archives: spam

Glitches happen, and this one illustrates how rankings with
big differences in spam volume are robust anyway.

A format change in an ancillary data source detected through consistency checks caused recomputations in selected rankings for September, October, and November 2013 in Classic. (Cloud. was unaffected).
The old versions are preserved as v1 rankings, and the differences are visible for these overall rankings:

Two out of three of Road Runner’s entries got worse, and one, AS11427 SCRR-11427,
popped up from #27 to join the top 10 at #9.

PaeTec (Windstream) popped up from #45 to #3 with one week’s burst of spam.

Internap’s AS12180 INTERNAP-2BLK
dropped out of the top 10, plummeting from more than 5 million spam
messages in November to none observed in the CBL data in December.
Congratulations, Internap!
Continuum Data Centers’ AS53264 CDC-LMB1 also did well, dropping
from #10 to #57, down from 1.5 million to 0.25 million spam messages.

Twin Kelihos infections in twin countries!
Canada in both CBL and PSBL rankings shows tandem spam volume curves for
Bell Canada’s AS577 BACOM and for Shaw Communications AS6327 SHAW.
Meanwhile, Belgium in both CBL and PSBL rankings shows tandem curves for
Brutele’s AS12392 ASBRUTELE and for Belgacom’s AS5432 BELGACOM-SKYNET-AS.
This is not a coincidence, since all four networks show Kelihos infections in the CBL data.

How to do a ranking when you can’t present a rank list:
use a distribution graph.
Also how to do a randomized control trial when there are active
enemy agents:
five ways to find out if and how much they are affecting the results.
This was in my apparently annual talk at TPRC 41, the Telecommunications
Policy Research Conference in Arlington, Virginia.

With slides, abstract, full paper, and video.
The sound is not good, though; it was taken with my smartphone.
Why don’t conferences do their own video and put it on the web?
There were a few sensitive presentations at this one, but they
were few, and the rest could have gone up.
They didn’t, so I got somebody to video with my phone.

SpamRankings.net, a website launched by the University’s Center for
Research on Economic Commerce, displays rankings of companies by
number of outgoing spam messages generated from roughly 18,000 U.S.
and international organizations. The project creates models for
email providers to reduce spam and is funded by two grants from the
National Science Foundation, totaling approximately $1 million.

Head researcher John Quarterman said UT students, in particular, are
at a high risk for identity theft because of spam.

“UT has had a big problem with student information being
leaked to the outside world because of bad security,”
Quarterman said. “Spam is getting out that may contain private
information, like your identity.”

Quarterman said the easiest way for students to prevent spam from
entering their inboxes is to maintain up-to-date software.

“Make sure you have all the updates to your operating
system,” Quarterman said. “Antivirus software is worth
running as well.”

According to Andrew Whinston, the center’s director and a management
information systems professor, students are susceptible to deceptive
links as they surf the Internet. Once the link is clicked, malicious
software enters the computer system and new spam is generated.

“You have to be careful and not go to websites on the Internet
that you are not really familiar with, or websites that are not
authenticated in some way,” Whinston said.

A secondary domain hosted by Bluehost was defaced by an opportunistic
attack. We are consolidating the secondary domains in our primary
provider and all domains will be pointing to our web site.

Last week I was looking to join SIRA’s email list and mistyped .com for .org.
Finding www.societyinforisk.com had “HaCKeD By : brkod” on it, I mentioned that to SIRA.
They fixed it as above.

The interesting part is that the VERIS Community Database is an effort
to expand the annual
Verizon Data Breach Investigations Report (DBIR)
into something more timely and comprehensive:
It’s not very big yet (63 commits and 1546 incidents),
but it’s a welcome start.
It doesn’t have nearly the comprehensiveness, frequency, nor regularity
of the spam blocklist data underlying
SpamRankings.net,
but it has, or it can have, more depth in reporting what happened and why.

Global cybercrime-fighting
association APWG is hosting its eCrime 2013 members meeting and research
conference in San Francisco next month to launch its second decade of
leading the global engagement with cybercrime, assembling commercial
leaders from multinational technology and financial services companies,
government and law enforcement agencies and industrial and academic
researchers from around the world to update the global agenda for the
long-term containment of the cybercrime scourge.

This is the tenth year of APWG,
and the seventh year of the eCrime Researchers Summit.